Uploaded image for project: 'netconf'
  1. netconf
  2. NETCONF-765

Auth failed - Unable to negotiate key exchange for kex algorithms

XMLWordPrintable

      Exception is thrown when connecting NETCONF devices with certain kex algorithms to ODL.
      I encountered this problem with Cisco NSO 5.2.

      Exceptions thrown (for more details see attached karaf.log):

      15:29:08.791 WARN [sshd-NetconfSshClient[1029d22e]-nio2-thread-6] Unable to setup SSH connection on channel: [id: 0x93bf3c69]15:29:08.791 WARN [sshd-NetconfSshClient[1029d22e]-nio2-thread-6] Unable to setup SSH connection on channel: [id: 0x93bf3c69]org.opendaylight.netconf.nettyutil.handler.ssh.client.AuthenticationFailedException: Authentication failed at org.opendaylight.netconf.nettyutil.handler.ssh.client.AsyncSshHandler.lambda$handleSshSessionCreated$1(AsyncSshHandler.java:132) [bundleFile:?] at org.opendaylight.netconf.shaded.sshd.common.future.AbstractSshFuture.notifyListener(AbstractSshFuture.java:159) [bundleFile:?]
...
Caused by: org.opendaylight.netconf.shaded.sshd.common.SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256 / server: diffie-hellman-group14-sha1)Caused by: org.opendaylight.netconf.shaded.sshd.common.SshException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256 / server: diffie-hellman-group14-sha1) at org.opendaylight.netconf.shaded.sshd.common.session.helpers.AbstractSession.negotiate(AbstractSession.java:1873) ~[bundleFile:?] at org.opendaylight.netconf.shaded.sshd.common.session.helpers.AbstractSession.doKexNegotiation(AbstractSession.java:702) ~[bundleFile:?]
...

       

       

      This issue is present on both master (1.13.1-SNAPSHOT) and 1.9.3-SNAPSHOT versions.

      Cause of this problem is most probably bump of sshd library to version 2.6.0.
      I tested same scenario on branch 1.9.3-SNAPSHOT but before this commit and everything worked OK.
      https://git.opendaylight.org/gerrit/c/netconf/+/95257

       

       

       

        1. karaf.log
          13 kB

            oleksii.mozghovyi Oleksii Mozghovyi
            samuel.kontris Samuel Kontris
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: